A Sad Steemit Day: My Account Was Hacked!!!

in #hack7 years ago (edited)

Some devil hack my Steemit account and withdrew my earnings to @bittrex. I hope he goes to hell, literally!

So today I woke up doing my routine which is going to Discord and browsing through the notifications of @ginabot when I stopped in a Coin Transfer notice. Still feeling sleepy, my brain processed this awful information for a minute before reality hit me that my hard-earned SBD and Steem was withdrawn by an unauthorized user. I was mortified and can't believe what just happened.Some crypto devil withdrew all of my earnings!

IMG_20180314_201227.JPG
Ginabot notified me of the unauthorized withdrawal.

IMG_20180314_201331.JPG
Very traumatic!

I don't have a Bittrex account and I have not made any withdrawals for the month. I literally cried my heart out while typing furiously to different Steemit group chats both in Discord and Messenger asking members for help. Sir @iyanpol12 came to my rescue first and helped me analyze the situation asking me if there is a power down schedule (thankfully there was none) and said that I should change my password. I immediately did change my password but still hoping my earnings will be retrieved. Members of my #steemitfamilyph responded too and they checked my account. Sir @kennyroy, sir @wagun001 and sis @ankarlie helped me also in my situation. Sir @kennyroy and sir @wagun001 asked me to email and message @bittrex which I did and hopefully I can recover what I loss.

My Hunch On How A Hacker Got Hold of My Account

Screenshot_20180314_200836.jpg
This is the Dummy DTube App on Google Playstore.

Last Sunday, I got curious about @dtube so I search for an app on Google playstore and found one that was run by. I opened it and I signed up using my master key password on my Steemit account (yes, I know very wrong move!). After registering, I browsed through the DTube app and was confused because I can't do anything with it, not even uploading my own video. I search for the accounts of my co-Steemians who I know uploads videos through DTube also but nothing appears. This gave me cold sweat and I felt afraid because it struck me that this could be a phising app or something and so, I uninstalled it. Bad move that I didn't thought of changing my password after uninstalling which led me to this awful scenario.

What I did? I left a bad review on the app because of what happened to me. Gosh, there was also a bad review before me saying the app was a scam but I didn't listen because I thought it was still legit since the moderator replied.

IMG_20180314_201411.JPG
Apparently, I'm not the only who experience being hacked by the Hacker DTube App.

IMG_20180314_201509.JPG
This proves that I'm not the only one and this is not an isolated case.

Screenshot_20180314_200806.jpg
This looks like dummy accounts too made by the hacker to leave positive reviews on the app which is totally a lie!

Being hacked is very frustrating!

Now, I am traumatized.

Yes, that's what I felt. I felt used and abused. Nothing beats being hacked in making a person afraid and lose confidence in the platform. I don't want to feel this way but I can't help it. I mean, this is actually my first time getting hold of cryptos (Bitcoin on default, of course) and enjoying and loving it but now I have fear.

I hope that hacker gets a taste of his/her own medicine.

Now, I am still hoping I can retrieve my SBD and Steem. I am also pleading to @surpassinggoogle, @steemgigs, @teamsteem, @beanz, @paradise-found and other witnesses and whales to help me in retrieving my earnings.

I read an article by @simplymike which was all about the things he learned from being hacked. The only good news on this is that the hacker did not changed my password so I have the chance to change it. I am also asking for help to @deliberator, @penderis, @wilfredn, @bashadow from #newbieresteemday to help me also.

IMG_20180314_204938.JPG

To all Steemians, NEVER SHARE YOUR PASSWORD TO ANY THIRD PARTY WEBSITES!

The only thing I can do now is to hope everything will turn out positively.

emdesan (1).png

Sort:  

This is indeed very sad and truamatic. I hope you are able to withdraw your earnings. Is there no way the bittrex account can be blocked and the owner fished out?
So many phishing website out there. Everyone should be careful on given private key to third party site.
Very sorry about your loss

I'm so sorry, that this happened to you! I really hope, that these scammers will be caught and get punished for it. At least you got a new follower with me and I hope, that your rewards from this post alone will compensate your loss. All the best! 🙏

I am sorry to hear this happened to you.

SUGGESTION: Go back into your app store and go to the page for the app. Instead of donwloading it again, scroll all the way down to the bottom of the page and "Flag As Inappropriate." When the choices appear, select "Copycat or Impersonation" so that Google Play will know it is a scam! I just flagged them, too, and if enough of us do it, they WILL do something!

Thanks for the tip! I already flagged it.

Flagged as per your suggestion.

It's a shame I can't resteem comments, because this one deserves a lot more upvotes than it currently has!

Hi @emdesan55, I'm really sorry to hear that you've been a victim of a phishing attack. Unfortunately, I don't think there's much you can do to get the money back without tracing the payment back to bittrex and successfully identifying the hacker by their bittrex account But this will be hard to do.

Others may have more innovative ideas as to how we can help you to retrieve the lose Steem/SBDs, so I leave the floor open for them to discuss it. At this point, my opinion is that you should think of the loss of ~25% of your account value as the cost of a lesson in security, and take steps to protect your account further! For example, you should never log in with your password, but instead with your posting/active keys as needed.

I know that this comes too late and it won't change what has already happened, but better a small loss now than a bigger loss in the future!

You are right. Thank you for your kind words @wilfredn. Good thing I was also notified by @ginabot.

Maybe tracing the hacker by his Google play account would be more effective than tracing it back through bittrex?

I'm not sure if it would lead back to the hacker, but Google must keep some record of who uploaded that dummy app.

@emdesan sorry to hear. Remember to use the Savings function if you hold more than 20 STEEM or 20 SBD. Your steem power is safe due to 1/13th withdrawal per week and Savings have a holding time of 3 days. This can prevent immediate transfers out of your account. Hope this helps :)

Yes, thanks for the information. This really helps and I will follow your tip

Sad situation to hear about. Be aware there are so many phishing scams nowadays. The key thing to remember is to ensure that you are signing in through SteemConnect or officially through Steemit.com and always be careful who or what you are sharing your credentials with

Yes, I learned my lesson now and I will limit exploring on third party websites too

Reading through, i cant say i know how you feel, but i know its disheartening and painful, who ever is behind this would get a full bite of his own medicine. Not just a taste. Thanks to this i hope people won’t fall victim.
Sorry once again.

Thank you for your support. It was heartbreaking for me but I want to share with you all because that is what the least I can do to stop this hacker from victimizing other people.

I am so sorry for your loss. I sincerely hope that you get your Steem and SBD dollars back. Thank you for speaking up and sharing your experience. I learnt a lot of lessons from this. One that stuck with me is about downloading Steem based apps from Google Playstore.

At the moment, I only have two apps installed on my phone that are Steem based - Steepshot and eSteem. It took me days to deliberate and read every article on Steemit that endorsed those apps as being genuine. Not just any articles, but articles from trusted and verified sources. Even at that, I am still careful when logging into these apps.

I sincerely hope and wish that the Steem team comes up with a solution to this.

I also hope to get back what I loss but that looks impossible now yet I am still positive about what happened now becausd I realized my experience can help many Steemians to be aware and careful all the time. I do hope Steemit will take this issue seriously and make actions to stop scammers.

I am very sorry to hear of your loss, unfortunately this world has very bad people that want to gain off the sweat of others.Thank you for sharing your story which should serve as a lesson to everyone. Lets pray that the people at bittrex can trace the transactions using the memo numbers and reverse them OR at-least explain which account withdrew it. Good luck @emdesan wishing you all the best :)

Thank you for your support. I hope Bittrex can really help me trace what account stole my earnings.

No way!!!
I heard that a lot of Steemit users got their accounts got hacked in the past days. This is awful, isn't it?
And also there's a scamming site named steevit. It's 'V' instead of 'm'. Don't click the links you get without checking the URL

the one i ecountered yesterday was steemil. its "L" instead of "T".

This is a big probem!!!
Beep beep! Hackers everywhere!

Yup! Hackers nowadays are creative and full of tricks up their sleeves. We should all read first the links before doing anything or plainly don't click any links and manually type steemit in the web address bar.

Yup, you are right.

Coin Marketplace

STEEM 0.21
TRX 0.21
JST 0.035
BTC 91680.24
ETH 3137.17
USDT 1.00
SBD 3.00